inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-07-24 17:32:48 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merged up to HEAD.

Browse Source 
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/BRANCHES/WCM-DEV2/root@3129 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Britt Park
2006-06-16 19:18:30 +00:00
parent 936f6d7021
commit 7f79a2a498
118 changed files with 14354 additions and 843 deletions
Download Patch File Download Diff File Expand all files Collapse all files

41
source/java/org/alfresco/repo/security/permissions/impl/AllowPermissionServiceImpl.java Normal file
View File

@@ -0,0 +1,41 @@
/*
* Copyright (C) 2005 Alfresco, Inc.
*
* Licensed under the Mozilla Public License version 1.1
* with a permitted attribution clause. You may obtain a
* copy of the License at
*
* http://www.alfresco.org/legal/license.txt
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
* either express or implied. See the License for the specific
* language governing permissions and limitations under the
* License.
*/
package org.alfresco.repo.security.permissions.impl;
import org.alfresco.repo.security.permissions.PermissionReference;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.security.AccessStatus;
public class AllowPermissionServiceImpl extends PermissionServiceImpl
{
public AllowPermissionServiceImpl()
{
}
@Override
public AccessStatus hasPermission(NodeRef nodeRef, PermissionReference perm)
{
return AccessStatus.ALLOWED;
}
@Override
public AccessStatus hasPermission(NodeRef nodeRef, String perm)
{
return AccessStatus.ALLOWED;
}
}

17
source/java/org/alfresco/repo/security/permissions/impl/ExceptionTranslatorMethodInterceptor.java
View File

@@ -16,11 +16,14 @@
*/
package org.alfresco.repo.security.permissions.impl;
import net.sf.acegisecurity.AccessDeniedException;
import org.alfresco.repo.security.permissions.AccessDeniedException;
import org.aopalliance.intercept.MethodInterceptor;
import org.aopalliance.intercept.MethodInvocation;
import org.springframework.dao.InvalidDataAccessApiUsageException;
/**
* Interceptor to translate and possibly I18Nize exceptions thrown by service calls.
*/
public class ExceptionTranslatorMethodInterceptor implements MethodInterceptor
{
private static final String MSG_ACCESS_DENIED = "permissions.err_access_denied";
@@ -36,10 +39,14 @@ public class ExceptionTranslatorMethodInterceptor implements MethodInterceptor
{
return mi.proceed();
}
catch(AccessDeniedException ade)
catch (net.sf.acegisecurity.AccessDeniedException ade)
{
throw new org.alfresco.repo.security.permissions.AccessDeniedException(MSG_ACCESS_DENIED, ade);
throw new AccessDeniedException(MSG_ACCESS_DENIED, ade);
}
catch (InvalidDataAccessApiUsageException e)
{
// this usually occurs when the server is in read-only mode
throw new AccessDeniedException(MSG_ACCESS_DENIED, e);
}
}
}

79
source/java/org/alfresco/repo/security/permissions/impl/acegi/ACLEntryAfterInvocationProvider.java
View File

@@ -33,6 +33,7 @@ import net.sf.acegisecurity.afterinvocation.AfterInvocationProvider;
import org.alfresco.repo.search.SimpleResultSetMetaData;
import org.alfresco.repo.security.permissions.impl.SimplePermissionReference;
import org.alfresco.service.cmr.model.FileInfo;
import org.alfresco.service.cmr.repository.ChildAssociationRef;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.repository.NodeService;
@@ -175,6 +176,10 @@ public class ACLEntryAfterInvocationProvider implements AfterInvocationProvider,
}
return decide(authentication, object, config, (NodeRef) returnedObject);
}
else if (FileInfo.class.isAssignableFrom(returnedObject.getClass()))
{
return decide(authentication, object, config, (FileInfo) returnedObject);
}
else if (ChildAssociationRef.class.isAssignableFrom(returnedObject.getClass()))
{
if (log.isDebugEnabled())
@@ -237,7 +242,10 @@ public class ACLEntryAfterInvocationProvider implements AfterInvocationProvider,
}
public NodeRef decide(Authentication authentication, Object object, ConfigAttributeDefinition config,
public NodeRef decide(
Authentication authentication,
Object object,
ConfigAttributeDefinition config,
NodeRef returnedObject) throws AccessDeniedException
{
@@ -277,6 +285,20 @@ public class ACLEntryAfterInvocationProvider implements AfterInvocationProvider,
return returnedObject;
}
public FileInfo decide(
Authentication authentication,
Object object,
ConfigAttributeDefinition config,
FileInfo returnedObject) throws AccessDeniedException
{
NodeRef nodeRef = returnedObject.getNodeRef();
// this is virtually equivalent to the noderef
decide(authentication, object, config, nodeRef);
// the noderef was allowed
return returnedObject;
}
private List<ConfigAttributeDefintion> extractSupportedDefinitions(ConfigAttributeDefinition config)
{
List<ConfigAttributeDefintion> definitions = new ArrayList<ConfigAttributeDefintion>();
@@ -455,31 +477,23 @@ public class ACLEntryAfterInvocationProvider implements AfterInvocationProvider,
if (StoreRef.class.isAssignableFrom(nextObject.getClass()))
{
testNodeRef = nodeService.getRootNode((StoreRef) nextObject);
if (log.isDebugEnabled())
{
log.debug("\tNode Test on store " + nodeService.getPath(testNodeRef));
}
}
else if (NodeRef.class.isAssignableFrom(nextObject.getClass()))
{
testNodeRef = (NodeRef) nextObject;
if (log.isDebugEnabled())
{
log.debug("\tNode Test on node " + nodeService.getPath(testNodeRef));
}
}
else if (ChildAssociationRef.class.isAssignableFrom(nextObject.getClass()))
{
testNodeRef = ((ChildAssociationRef) nextObject).getChildRef();
if (log.isDebugEnabled())
{
log.debug("\tNode Test on child association ref using " + nodeService.getPath(testNodeRef));
}
}
else if (FileInfo.class.isAssignableFrom(nextObject.getClass()))
{
testNodeRef = ((FileInfo) nextObject).getNodeRef();
}
else
{
throw new ACLEntryVoterException(
"The specified parameter is not a collection of NodeRefs or ChildAssociationRefs");
"The specified parameter is not a collection of NodeRefs, ChildAssociationRefs or FileInfos");
}
}
else if (cad.typeString.equals(AFTER_ACL_PARENT))
@@ -488,27 +502,18 @@ public class ACLEntryAfterInvocationProvider implements AfterInvocationProvider,
{
// Will be allowed
testNodeRef = null;
if (log.isDebugEnabled())
{
log.debug("\tParent Test on store ");
}
}
else if (NodeRef.class.isAssignableFrom(nextObject.getClass()))
{
testNodeRef = nodeService.getPrimaryParent((NodeRef) nextObject).getParentRef();
if (log.isDebugEnabled())
{
log.debug("\tParent test on node " + nodeService.getPath(testNodeRef));
}
}
else if (ChildAssociationRef.class.isAssignableFrom(nextObject.getClass()))
{
testNodeRef = ((ChildAssociationRef) nextObject).getParentRef();
if (log.isDebugEnabled())
{
log.debug("\tParent Test on child association ref using "
+ nodeService.getPath(testNodeRef));
}
}
else if (FileInfo.class.isAssignableFrom(nextObject.getClass()))
{
testNodeRef = ((FileInfo) nextObject).getNodeRef();
}
else
{
@@ -516,7 +521,12 @@ public class ACLEntryAfterInvocationProvider implements AfterInvocationProvider,
"The specified parameter is not a collection of NodeRefs or ChildAssociationRefs");
}
}
if (log.isDebugEnabled())
{
log.debug("\t" + cad.typeString + " test on " + testNodeRef + " from " + nextObject.getClass().getName());
}
if (allowed
&& (testNodeRef != null)
&& (permissionService.hasPermission(testNodeRef, cad.required.toString()) == AccessStatus.DENIED))
@@ -576,6 +586,10 @@ public class ACLEntryAfterInvocationProvider implements AfterInvocationProvider,
{
testNodeRef = ((ChildAssociationRef) current).getChildRef();
}
else if (FileInfo.class.isAssignableFrom(current.getClass()))
{
testNodeRef = ((FileInfo) current).getNodeRef();
}
else
{
throw new ACLEntryVoterException("The specified array is not of NodeRef or ChildAssociationRef");
@@ -596,12 +610,21 @@ public class ACLEntryAfterInvocationProvider implements AfterInvocationProvider,
{
testNodeRef = ((ChildAssociationRef) current).getParentRef();
}
else if (FileInfo.class.isAssignableFrom(current.getClass()))
{
testNodeRef = ((FileInfo) current).getNodeRef();
}
else
{
throw new ACLEntryVoterException("The specified array is not of NodeRef or ChildAssociationRef");
}
}
if (log.isDebugEnabled())
{
log.debug("\t" + cad.typeString + " test on " + testNodeRef + " from " + current.getClass().getName());
}
if (incudedSet.get(i)
&& (testNodeRef != null)
&& (permissionService.hasPermission(testNodeRef, cad.required.toString()) == AccessStatus.DENIED))

4
source/java/org/alfresco/repo/security/permissions/impl/acegi/ACLEntryVoter.java
View File

@@ -153,8 +153,8 @@ public class ACLEntryVoter implements AccessDecisionVoter, InitializingBean
if ((attribute.getAttribute() != null)
&& (attribute.getAttribute().startsWith(ACL_NODE)
|| attribute.getAttribute().startsWith(ACL_PARENT)
|| attribute.getAttribute().startsWith(ACL_ALLOW) || attribute.getAttribute().startsWith(
ACL_METHOD)))
|| attribute.getAttribute().startsWith(ACL_ALLOW)
|| attribute.getAttribute().startsWith(ACL_METHOD)))
{
return true;
}